Friday, September 22, 2017

There was a discussion on twitter some weeks agoabout current call graphs of larger software projects.I noticed that my instrumentation package from 2005, 2007and 2010 failed to work with current openssh versions.I made a small writeup why and also publish callgraphs for a sshd session of OpenSSH 7.4p1 server.

Thursday, June 29, 2017

As I am interested in Crypto and its implementation,being it my own projects or competing ones, I often take a deeplookinto the OpenSSL and LibreSSL projects to estimatewhat can potentially go wrong and where special caremust be taken while swimming with sharks.

I have already written and complained here in past about theshiny OpenSSL 1.1 API changes. I think its safe to say that opmsgand drops have been the first larger projects being neatlyported to the 1.1 API, while still being aligned to olderOpenSSL installations and LibreSSL, cross platform of course.How many projects do you know - and heavily use libcrytoor libssl - can do that?OpenSSH for example can't. OpenSSH-portable on Linux sufferedsimilar hard times due to the new 1.1 API. No pain, no gain.While OpenSSH upstream declined to makeOpenSSH-portable ready for the 1.1 API (at least yet),there was still demand for it, since lots of newer distroswere simply not able to build their openssh packages with theirown shipped libcrypto packages. Thats why the Fedora projectadopted patches (this one is already fixed after my report).However they introduced some double-free conditions bymeans of RSA_set0_key() and similar functions. You can readmy report and see in the patch how the order of functioncalls has been changed to fix the double-frees.You can thank me later that I saved your Fedora boxesfrom an ssh 0day.

Friday, June 16, 2017

If you were ever curious about what a GUI frontend designedby me would look like, here you go.

Hand crafted without any GUI builder but with much loveand ergonomics and minimal dependencies. It allows youto manage your personas and op messages easily and tosend instant messages to your peers without the commandline hassle. And most importantly: without anyone watchingand processing even the meta data.If you have a static IPv4 (or v6), consider running adrops node. Its small footprint and you don't necessarilyneed to participate in messaging. You can just run it in background as a message hub.

Friday, May 19, 2017

I published my writeup about CVE-2017-8422 and CVE-2017-8849,including the PoC for smb4k.Note, that this helper is most likely not installed bydefault on KDE systems. However, other helpers which areinstalled by default are affected too, such as kcm_systemd whichcould be leveraged to overwrite arbitrary files.The most complicated thing about the PoC was to setupa proper Qt/KDE 4/5 build environment; so I decided tojust use dbus-send with a binary blob instead, ratherthan creating my own QVariantMap.

Thursday, May 4, 2017

Last week, someone opened a bug for opmsg, saying itwont compile with recent versions of gcc.I am happy that I've been noticed about it, since it showspeople are using opmsg. The "bug" however is not withinopmsg, its about the way OpenSSL changes their functiondefinitions (breaking the API!) in between minor versionsof OpenSSL.What exactly happened?In above screendump you see two functions constp() andconstpp(). They will serve as an easy, down-stripped demo.While with constp() the constchar * declarationby the programmer is more like a promise to the callerthat the data at which ptr points to, will not be written to,this is different when the type changes to a doublepointer. You can pass char * variables to constp() withoutany problem, because constp() just promises you to not modifythe pointee data. It would be allowed to do so for char *variables, but it confines itself to this promise, whichis good practise to show the user of the API "Hey, wewont modify your data as you pass it to us." There are no problems if you would change a foo(char *)declaration to a foo(const char *) because the later declaration just promises more to you, and you lose nothing by foo()making additional promises to you.The takeaway is: you can pass a char * variable to afunction that wants a const char *. Both foo()functions are accepting the same type. You can seethis by the compiler accepting the call to constp()for a char * variable.Thats different when a double pointer is involved aswith the constpp() function. Here you have to passa const char ** because otherwise the pointer value itself couldbe assigned a char * by which const objects could be modified.This would violate the const correctness of the programand obsolete the const keyword. Thats why the foo(char **)and foo(const char **) arguments are really different types.In other words, you cant just add a const keyword todouble pointer function arguments as you could do itwith single pointers. You end up having entirely differentfunction signatures.

Now, guess what OpenSSL has made with theDH_get0_key(const DH *dh, BIGNUM **pub_key, BIGNUM **priv_key);andRSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d);functions? They "just" added a const to the BIGNUMdouble pointers somewhere after the 1.1.0 versionalready introduced a new API. Thats a warning forC11 programs (one that you should not ignore) but evenworse, as you can see in above demo, its an error forC++11 programs.So, I had to add a wrapper function for the functionsin question which call the right functions, dependingon the OpenSSL version.If you want to read more about the double pointerconst topic, its described here.

Thursday, April 20, 2017

My google-cloud free-trial account will run out soon, so thebootstrap IP address in the drops README will end upbeing non-responsive soon. I am not sure which cloudprovider I will use in future, so I am not signing upfor premium there yet. I am quite happy there wrt stabilityand the overall setup; its merely a matter of pricing.I plan to write some fancy ncurses GUI frontend for drops,so one can read and write drops messages in mutt-style,but that can take a while. (I need less ShadowLeaker 90's 0daythat reminds me of old times and more joy starting to learnncurses) Until then, someone else has to spend free bonus coinsof his cloud provider to setup drops bootstrap nodes (andthanks to that anon french guy running that 78* node :)

Wednesday, March 29, 2017

My previous git signing key expired, so I uploaded a new one.I didnt sign all of my github repos with it yet,but I took the opportunity to polish my optimized ddrepo, adding a useful help and making it fully usableunder the GPLv3.If you dont do so already, consider signing yourexternal git repos. Its painless and you will thank me laterin case your external repos will be fucked with.

Thursday, February 23, 2017

The sshttp protocol muxer has been updated to supportSNI muxing. When muxing SSH/HTTPS, the ClientHello messageof the TLS handshake may contain a SNI, which is parsed bysshttpdand can be routed to an alternative port (rather than to the regular https port specified with -H).This is of particular interest with the drops p2p network,as it is using TLS with the SNI of drops.v2.This way you can hide sshd and drops behind your https server.

Friday, February 3, 2017

In the past months I have been working on a projectfor a distributed p2p messenging platform, featuringthe opmsg format. opmsg is usually attached to emails.Emails however leave meta data traces such as email addresses andheader content. Not so with drops, which is ready for testing !As its a p2p network, it lives from participating people.So even when you dont use opmsg yourself, you can setupa drops node so the network gets more distributed andstable.Its now in beta testing, and some features such assandboxing are yet missing.Dont be worried by the spartanic README, it will getupdated and there will also be a document describingthe techical details.